You might recall that there was an exploit where millions of Android phones can be hacked via a text message. Google has released a patch that was designed to address this. But Jordan Gruskovnjak of security firm Exodus says that the patch is incomplete. This is backed up by Joshua Drake of Zimperium who found this exploit in the first place:
A report released today by Exodus Intelligence said that Gruskovnjak had doubts about the completeness of the patch on July 31, but was not able to verify the fix since one had not yet been distributed. Once Gruskovnjak had the updated firmware on a Nexus 5 phone, he developed an MP4 file—the simplest attack vector, Drake said, involved sending a vulnerable device a crafted MMS message that would exploit the vulnerability—that bypassed the patch.
Lovely. It will be interesting to see what Google does to address this because one has to think that if attacks are not already in the wild, they will be shortly.
Related
This entry was posted on August 14, 2015 at 10:36 am and is filed under Commentary with tags Android, Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Google Patch For “Stagefright” Exploit Deemed “Incomplete”
You might recall that there was an exploit where millions of Android phones can be hacked via a text message. Google has released a patch that was designed to address this. But Jordan Gruskovnjak of security firm Exodus says that the patch is incomplete. This is backed up by Joshua Drake of Zimperium who found this exploit in the first place:
A report released today by Exodus Intelligence said that Gruskovnjak had doubts about the completeness of the patch on July 31, but was not able to verify the fix since one had not yet been distributed. Once Gruskovnjak had the updated firmware on a Nexus 5 phone, he developed an MP4 file—the simplest attack vector, Drake said, involved sending a vulnerable device a crafted MMS message that would exploit the vulnerability—that bypassed the patch.
Lovely. It will be interesting to see what Google does to address this because one has to think that if attacks are not already in the wild, they will be shortly.
Share this:
Like this:
Related
This entry was posted on August 14, 2015 at 10:36 am and is filed under Commentary with tags Android, Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.